I would like to ask if somebody has a good VLAN theme to write about. It has to be about VLANs, for example, connecting two VLANs through a public network, use of IPsec or something like that... It is important that it is a pretty wide theme so that it is possible to write about 50-80 pages of text about that...
I did some checking around, and the references I find indicate that
50 pages is towards the upper end of a "short" Master's thesis and 80 pages is in the lower end of a "long" Master's thesis. A "long" Master's thesis is, in this matter, intended only for students who will be going on to further postgrad work, and counts as equivalent to 1/4 of the course-work that the "short" thesis students would undertake.
It seems to me that if one is expecting a paper equivalent to the upper end of a Master's thesis, then one probably does not want a broad theme: one probably wants a more narrow theme with sufficient technical sophistication as to require a noticeable amount of research and explication.
50-80 pages is, roughly speaking, 20000 to 30000 words. It is difficult for me to think of anything "broad" to say about VLANs that didn't come down to one of:
- a description of how to configure VLANs, and any special nuances, for the half-dozen most common model lines (e.g., Cisco, Nortel, Juniper...)
- a solid overview of VLANs and MPLS such as might be written for an O'Reilly "Topics in Routing" book
- techno-archaeology studying the history of VLANs, the competing proposals, the advantages each would have had, and the politics and financial manipulations that resulted in what is now 802.1Q being chosen
Are you an instructor / advisor looking for topics to suggest to Masters level students for their thesis? To suggest for upper-year undergraduates for essay courses? To suggest for upper-year undergraduates for "project" courses?
Are you a student who has been assigned the broad topic of VLANs and is looking for inspiration of what, more specifically, to work on? If so, at what level and with what kind of target (essay, project, thesis)?
Are you an author or potential author looking for a framework for a potential journal article or book chapter?
I am a student in my last year at the university of electrotechnics. I have to write about 50-80 pages and make an application or something like that to show my own research in that project, if you understand what I mean. So, as I said, it is important that it is about VLANs. I thought it would be good to work on the implementation of VLANs through public networks, the use of IPsec, etc. But I need some inspiration to make a clear theme and to concentrate on it.
Okay, thanks for the clarification, I believe I understand now.
I suspect you would find it difficult to write that many pages about VLANs through public networks. VLANs through public networks differs from Layer 2 Tunnelling only in the slightly larger frame size.
Any of the respectable Layer 2 tunneling protocols already have to deal with encapsulation overheads, and PPPoE, and the possibility that one of the ISPs along the line is doing some other kind of encapsulation... so I would suspect that any IPsec etc. done by anything other than the cheapest consumer devices will already be able to cope with the larger frame.
Standard Layer 2 tunneling methods include GRE (IP Protocol 47), MPLS (not a separate protocol), L2TP (UDP 1701), and L2TP/IPSec (L2TP structure embedded in IPSec ESP, so needs UDP 500 and IP Protocol 50).
Most consumer devices do not directly support GRE, but many do support PPTP, which uses a simple GRE encapsulation around a PPP packet.
I haven't seen any low-end devices that supported MPLS.
L2TP is not uncommon in Microsoft Windows.
L2TP/IPSec requires (if I recall correctly) a specific client before XP (or was it XP SP1)?
Beyond that... VLANs over public networks involve encryption, authentication, and the ability to join physically separated broadcast domains... all of which are handled well by existing protocols. So all you do is take your packet with the VLAN tag and pass it as a whole over any layer 2 tunneling service, and you have VLANs over public networks.
Nothing about this gets interesting until you want to start building VPN endpoint firewalls with multiple interfaces, with the interfaces distinguished by VLAN instead of by IP address and with the possibility of having the same IP range in different VLANs, to be treated differently. For example, if 192.168.1.15 in VLAN 13 is to be permitted access to different resources than 192.168.1.15 in VLAN 42. The Cisco "virtual context" might perhaps be designed to address these issues; I haven't looked at what virtual contexts can do for you.
A couple of resources:
and the Cisco PIX 7.0 and ASA 5x00 and FWSM documentation for security context info.
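As an added illustration of the point made in this reply (the VLAN tag adds only 4 bytes to the frame, but a firewall that keys policy on IP address alone cannot tell 192.168.1.15 in VLAN 13 from 192.168.1.15 in VLAN 42), here is a small Python example. It is not code from this thread or from any Cisco product: the MAC addresses, the policy table and the resource names are constructed for the demonstration, and the IPv4 header it builds has a zero checksum because it is never sent anywhere.

```python
import ipaddress
import struct

TPID_8021Q = 0x8100      # EtherType value that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800

# Constructed test addresses (not from the thread).
MAC_A = bytes.fromhex("020000000001")
MAC_B = bytes.fromhex("020000000002")


def build_ipv4_header(src_ip, dst_ip, payload_len=0, proto=6):
    """Minimal 20-byte IPv4 header, no options; checksum left at zero (test data only)."""
    ver_ihl = (4 << 4) | 5
    return struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src_ip).packed,
                       ipaddress.IPv4Address(dst_ip).packed)


def build_frame(dst_mac, src_mac, vid, payload, ethertype=ETHERTYPE_IPV4):
    """Ethernet frame; if vid is not None, insert an 802.1Q tag (PCP=0, DEI=0)."""
    hdr = dst_mac + src_mac
    if vid is not None:
        hdr += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)   # TPID, then TCI
    hdr += struct.pack("!H", ethertype)
    return hdr + payload


def parse_frame(frame):
    """Return VLAN id (None if untagged), inner EtherType and IPv4 source address."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    vid, off = None, 14
    if ethertype == TPID_8021Q:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vid, off = tci & 0x0FFF, 18
    payload = frame[off:]
    src_ip = None
    if ethertype == ETHERTYPE_IPV4 and len(payload) >= 20:
        src_ip = str(ipaddress.IPv4Address(payload[12:16]))
    return {"vid": vid, "ethertype": ethertype, "src_ip": src_ip, "payload": payload}


# Constructed policy: the same private range exists in two VLANs and each VLAN
# is allowed to reach a different resource.
POLICY = [
    (13, "192.168.1.0/24", "db-server"),
    (42, "192.168.1.0/24", "web-proxy"),
]


def vlan_aware_decision(vid, src_ip, resource):
    """Firewall that keys on (VLAN, source address): only the matching VLAN's rule applies."""
    addr = ipaddress.ip_address(src_ip)
    for rule_vid, net, res in POLICY:
        if rule_vid == vid and addr in ipaddress.ip_network(net) and res == resource:
            return "permit"
    return "deny"


def ip_only_decision(src_ip, resource):
    """Firewall that ignores the tag: both VLANs' rules match the overlapping range."""
    addr = ipaddress.ip_address(src_ip)
    allowed = {res for _, net, res in POLICY if addr in ipaddress.ip_network(net)}
    return "permit" if resource in allowed else "deny"


def classify(frame, resource):
    """Parse a frame and return the VLAN-aware decision for it."""
    info = parse_frame(frame)
    return vlan_aware_decision(info["vid"], info["src_ip"], resource)


if __name__ == "__main__":
    ip_hdr = build_ipv4_header("192.168.1.15", "10.0.0.5")
    for vid in (13, 42):
        frame = build_frame(MAC_B, MAC_A, vid, ip_hdr)
        print(vid, classify(frame, "db-server"), classify(frame, "web-proxy"))
```

Running the block shows VLAN 13 reaching only the database rule and VLAN 42 only the proxy rule, while the IP-only lookup permits both for either host, which is exactly the ambiguity that per-VLAN contexts are meant to remove.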
Thanks a lot for this! But could you explain it in more detail for me? I am not sure what you mean about the VPN endpoint firewalls and the example you gave. Sorry, but I do not speak English so well, so I do not understand all of what you are saying.
I was using "VPN endpoint firewalls" to indicate a device that combines VPN termination and firewall facilities. The Cisco PIX series are examples of this combination.
The Cisco VPN3000 series is for VPN termination only, and does not have detailed controls over what can be accessed.
The Cisco FWSM (Firewall Services Module) for the Cisco 6500 & 7600 only does firewalls with no VPN facilities; and the Cisco VPNSM (VPN Services Module) for the Cisco 6500 & 7600 only does VPN with no firewall facilities, so if you want a high performance VPN and firewall on your Cisco 6500 or 7600, you would need to buy a FWSM and a VPNSM... at about US$35000 for each of the modules!
... I have partly written a more detailed explanation of what is needed and what I was referring to, but it is getting late and I need to head to bed before I can make the explanation interesting and readable.
Ah, I know: let me turn this around. As this is a learning experience for you in which you will be required to demonstrate to your instructor what you learned, then instead of me explaining the steps, how about if -you- outline the steps involved as far as you understand them, and we'll comment on your outline.
Suppose you have host A in private subnet X in VLAN 10 at site C (Client), and you need to get the packet to host B in private subnet Y in VLAN 10 at site S (Server), and that the two are connected by the Internet (which only deals with public IP addresses). How would you safely get the packet from one place to the other?
Assume that, as I described earlier, Layer 2 encapsulation can be separated from encryption / VPN, and assume that there are firewalls at each end. Indicate each step at which a packet changes form or changes IP address, and describe the logical function that each of those steps is performing.
Or start with something a bit simpler, such as describing the packet sequence that would be used for layer 3 traffic in which VLANs were not involved. There are not really very many steps involved with that.